Certified Ethical Hacker (CEH v12) — Question 109
An organization decided to harden its security against web-application and web-server attacks. John, a security professional in the organization, employed a security scanner to automate web-application security testing and to guard the organization's web infrastructure against web-application threats. Using that tool, he also wants to detect XSS, directory traversal problems, fault injection, SQL injection, attempts to execute commands, and several other attacks.
Which of the following security scanners will help John perform the above task?
Answer options
- A. AlienVault® OSSIM™
- B. Syhunt Hybrid
- C. Saleae Logic Analyzer
- D. Cisco ASA
Correct answer: B
Explanation
The correct answer is B, Syhunt Hybrid, which is specifically designed for web application security testing and can detect a variety of vulnerabilities, including XSS, SQL injection, and the others mentioned. Option A, AlienVault® OSSIM™, focuses on security information and event management rather than web application testing. Option C, Saleae Logic Analyzer, is a hardware tool for debugging digital signals and is not relevant to web security. Option D, Cisco ASA, is a firewall and VPN solution that does not specialize in web application vulnerability scanning.